Blog

Managing IT Risk (Part 2)

Third Party Risk Management

Following up on my prior post, Third Party Risk Management (4/9/18), I’d like to share my recommendations for monitoring and managing IT risk.

There are a number of Governance, Risk, and Compliance (GRC) tools available, ranging from the inexpensive to the extremely expensive. Small to medium size companies are generally […]

By |April 17th, 2018|Blog

Managing IT Risk (Part 1)

Third Party Risk Management

Topping my list of information security risks for the coming year is third party risk management. Small to medium size companies do not have the workforce necessary to monitor the security posture of their technology service providers. To properly address the issue, a company will need to put the following in place and dedicate resources […]

By |April 9th, 2018|Blog

Best Practices for Contracting with Cloud Service Vendors

I was recently asked about best practices for contracting with cloud service vendors – and thought this advice was worth sharing.

What is the best strategy if you decide to change vendors?

Always conduct a parallel transition. This keeps your data in place at your original vendor during the transition. This costs more but will protect […]

By |March 16th, 2018|Blog

The Shift that EternalBlue May Have Caused Within IT Leadership

For leaders in IT, 2017 has been the year of EternalBlue (the weaponized version of the vulnerability described in MS17-010), whether they know it or not. EternalBlue allowed the trivial exploitation of Microsoft systems, allowing an attacker to gain the highest level of system permissions. This sort of vulnerability set the hacking community on fire and allowed […]

By |February 26th, 2018|Blog

How to Prevent a Ransomware Attack

It is always better to be proactively prepared and prevent ransomware attacks than to have to react after an attack occurs. Paying the ransom is not recommended.

Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections. The “No More Ransom” website is an initiative by […]

By |February 16th, 2018|Blog, Security Breach

Intel’s Meltdown and Spectre Vulnerabilities

By now you have probably read some articles about the Meltdown and Spectre vulnerabilities but you may still be seeking guidance for how your organization should react.

First, a quick recap: Meltdown and Spectre were announced early in January of 2018. Unlike most other vulnerabilities, Meltdown and Spectre exploit critical vulnerabilities in modern processors. Meltdown primarily […]

By |January 29th, 2018|Blog

Why Phishing and Social Engineering Continue to be so Popular

Phishing and social engineering continue precisely because they are so effective!

Sophisticated User: If you are the vice president of customer service and you receive an email purportedly from the Better Business Bureau that contains a link to Complaint #67587 about one of your products, how do you not click through on that embedded link?

By |January 4th, 2018|Blog, Security Breach

Cyber Security Trends and Predictions for 2018

I was recently asked my thoughts about cyber security trends for the coming year. Here are a few of my predictions:

  • GDPR requirements will expose data handling issues that greatly exceed expert predictions. Tools will be developed to automate the encapsulation of discovered data into secure cloud based environments. This will address security and data […]

By |December 11th, 2017|Blog

Increasing Threat of Cyber Attacks: How Cyber Security has Shifted

Following are answers from a recent interview looking at the threat of cyberattacks and how cyber security has increased in recent years.

Q. What’s driving the shift in cyber security?

A. As the world becomes more digitally connected with a wide variety of available technologies and options, the need to secure the data has increased dramatically. The […]

By |November 27th, 2017|Blog, Security Breach

What are the five most critical steps to take during the first 48 hours post data breach?

1. Protect – The first and most important (time sensitive) step is to protect your environment and prevent additional damage and/or data loss.  This could be as simple as disconnecting from any wired and wireless networks.  Also disconnect any local backup drives that could overwrite previously archived data.

2. Communicate – It is vital to […]

By |November 16th, 2017|Blog, Security Breach

Can Additional Legislation Improve IoT Security

I was recently asked if increased legislation could help improve IoT security, and how it will affect the IT department. Here’s my response:

Legislation can absolutely help IoT security by ensuring that manufacturers follow common core principles, strategies and infrastructure. The Cybersecurity Improvement Act of 2017 is an example of how legislation can compel manufacturers to […]

By |October 23rd, 2017|Blog, IoT

Qualifying IT Security Risks

How should a small organization quantify risk when it comes to IT security?  

In my last post, I discussed how people with little or no IT security experience are often put in charge of IT security at small companies. I explained how they might approach telling their boss how things are going on the security […]

By |October 5th, 2017|Blog

Tips to Maintain IT Security Equilibrium at a Small Company

Ask where somebody working in IT security at a small company got started, and there is a good chance it had nothing to do with IT security at all.

Considering the management infrastructure of the typical small organization, IT security is usually handed off to somebody who knows little about it, usually somebody from the IT […]

By |September 27th, 2017|Blog, Security Breach

Most Commonly Overlooked Components of Operational Security

I was recently asked to comment on the most commonly overlooked components of operational security. To get the correct answer, sometimes it helps to take a step back and make sure you are asking the right question. The question should be “How do you ensure that your security program satisfies your operational security requirements?” With that question, […]

By |September 5th, 2017|Blog, ISO 27002

What role should security analytics play in information security programs today?

No one can argue that analyzing the security state of your IT environment (in a comprehensive and integrated manner) and taking proactive measures to prevent security incidents is the right way to manage an IT operation.  

The problem with Security Analytics isn’t a failure of vision; everyone agrees that we should be able to take […]

By |August 17th, 2017|Blog